A primary goal of businesses is to select applications that enable their business to do more with less. With security tools, the need to be more cost-effective and allow development teams to innovate has never been greater.  We require innovative security solutions that work with managed platforms and providers to be more cost-effective to achieve this goal. This also involves collaboration, as security teams seek to empower development teams and business units to make more informed risk management decisions to scale with the demands for innovation.

Organizations operating a security program at scale need to delegate some security responsibility across the organization. As they mature, it is unrealistic for a small centralized team to have the business context and technical skillset to advise and help make informed risk management decisions. The need to scale, bridge skill gaps and make security decisions based on business context and priority has led to the DevSecOps movement and the need for self-service security.  

As organizations continue to adopt Kubernetes at an accelerated pace, they need a tool designed to secure it in a Kubernetes native way. Kubernetes native security allows teams to achieve additional context about a holistic application and use that context to make more informed risk management decisions. Security vendors have the opportunity to provide that context to enable advanced security use cases that take advantage of the context Kubernetes aggregates.

For these reasons, In Q3, we’ve invested heavily in three major thematic trends.

1. Platform support expansion to managed services
2. Self-service security workflows
3. Advanced security use cases for Kubernetes

Platform Support Expansion

RHACS is Now Supported on Red Hat Openshift Service on AWS (ROSA) and Azure Red Hat Openshift (ARO) Services

Organizations increasingly need to deliver high-quality, innovative applications that provide greater business value and effectively scale according to rapidly changing demands. To solve this issue, Red Hat partnered with AWS and Azure to create the Azure Red Hat OpenShift (ARO) and Red Hat OpenShift Service on AWS (ROSA) managed service offerings. Together, Red Hat, AWS and Azure provide solutions to quickly create, deploy, and manage traditional & container-based applications consistently across the hybrid cloud.

Red Hat Advanced Cluster Security for Kubernetes (RHACS) supports these managed cloud offerings. RHACS elevates the ARO and ROSA services enabling security controls and a more holistic security program while maintaining the agility of a managed service.

Self Service Security

RHACS Now Supports Scoped Access Control  

As enterprises continue to invest in empowering their security champions and development teams across the organization, they need their development team to have accessible information readily available. But they also don’t want to create unnecessary noise or leak information about applications that their development teams aren’t responsible for.

RHACS now allows organizations to scope the security visibility their teams can achieve based on scoped roles. With scoped roles, security teams can align the roles of each business unit team to only the applications they need to achieve least privilege. Because most organizations logically separate their teams by cluster or namespace, RHACS allows role scopes to be defined for each secured cluster and their namespaces. When organizations need to scale their team management, a labeling-based approach can be used to codify and scale the access scope rules applied across their organization.

Alert Notifications With Greater Context and More Flexibility and Increased Support for Notifiers

Security and DevOps teams rely on notifications to alert policy violations and abnormal behavior in their Kubernetes clusters. As organizations scale, scenarios may arise where multiple teams operate in a multi-tenant infrastructure and need notifications about issues that affect them. To ensure that we only provide teams with the relevant information. Organizations want their security applications to utilize existing notification applications efficiently. This can be challenging in Kubernetes due to the size and scale of your applications and various team responsibilities. Kubernetes also provides a significant amount of metadata and context for its workloads. It is pertinent that notifications are provided to the appropriate audience with the context to triage and address them.

To solve this issue, RHACS allows users to specify annotations on namespaces and deployments that define where to direct impactful notifications to the appropriate team for triage in a tight feedback loop. This allows greater flexibility and configuration when violation notifications are distributed to teams using notification systems like Slack and email. Violation notifications will include information such as cluster, policy, deployment and image name in question. This level of detail will provide precise notification enabling your teams to solve issues quicker and more succinctly.

Advanced Security Features

RHACS Aligns Its Policies With the MITRE ATT&CK Framework.

The MITRE ATT&CK Framework is a knowledge base that helps teams model adversarial behavior using common tactics and techniques used by attackers.  Enterprises use MITRE ATT&CK  to assess the maturity of their security operations and perform gap assessments to ensure their security program can respond to various tactics and techniques they may encounter in a cyber incident in the wild. Incident response teams also use the MITRE ATT&CK Framework to prioritize investigation efforts across multiple incidents.

RHACS now embeds the MITRE ATT&CK Framework into default policies and custom policies to help streamline cyber gap assessments. This information may also be forwarded to a SIEM to assist in event triage.

Alert Against Openshift API Server Secrets and Configmaps Changes and Alterations.

Attacks against the Kubernetes API server can allow attackers to run malicious code, attempt to steal account names and passwords, escalate privileges or even change application configuration. RHACS already contains controls to mitigate the risk of an attack against the API server by monitoring and blocking high-risk commands to the API server. These commands are “kubectl exec”, which can be used to run malicious code and troubleshoot, and “kubectl port-forward”, which can be used to bypass network controls.

RHACS expanded on its API server-level controls by allowing teams to monitor access to ConfigMaps and Secrets. Organizations can now use these to monitor access to their most sensitive secrets, such as those with broad access throughout the cluster or access to highly sensitive data. The ability to monitor configmaps and secrets can alert teams to credential access or malicious configuration attempts by threat actors.

Create Network Policies Based on a Network Traffic Baseline.

One of the most significant challenges of broadly segmented teams in large organizations is the lack of context to make informed risk management decisions. In the case of a network policy, Informed risk management is simple when the requirement is to add access and much more difficult when the requirement is to remove access.

RHACS provides a baseline of network traffic over a specified period to help teams make more informed decisions about network policy  Users can now use this network baseline to generate automated network policies. These help security teams audit and recommend hardening network policies based on known network traffic patterns associated with deployments.

Learn More

To learn more about Red Hat Advanced Cluster Security, visit our product page and documentation.

To get a more personalized look at RHACS, you can request a demo.